TLS Security Settings window

System Administrator Guide for VSP 5000 Series

Version: 90-08-8x
Part Number: MK-98RD9009-13

This section describes the TLS Security Settings window features and controls.



Item: Description
Protocol: Protocols that are allowed to be used in the communication path. The following protocols are supported:
  • TLS1.2
  • TLS1.3
Cipher Suites: Cipher suites that are allowed to be used in the communication path. The following cipher suites are supported:
  • TLS1.2
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    • TLS_RSA_WITH_AES_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS1.3
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
Minimum Key Length (Key Exchange): Sets the minimum key length allowed for key exchange during communication.

The minimum key length supported by the key exchange algorithm set on the TLS Security Setting dialog box in the Tool Panel dialog box is applied when a certificate with an RSA public key is set during communication between the management client and the SVP.

When the following cipher suites are valid, and when a server certificate, root certificate, or client certificate with an RSA public key is uploaded to the SVP, the key length of the RSA public key of the certificate must be longer than the key length selected on the TLS Security Setting dialog box in the Tool Panel dialog box.

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384

When the SVP communicates with a Syslog server, key management server, external authentication and authorization server, or Hitachi Command Suite server, the key length of the key exchange key set on the server must satisfy the following:

  • RSA: 2048 bits or more
  • DHE: 2048 bits
  • ECDHE: secp256r1, secp384r1, or secp521r1

The supported key exchange algorithms have the following minimum key lengths:

  • RSA
    • 2048 bits
    • 3072 bits
    • 4096 bits
  • DHE
    • 2048 bits
  • ECDHE
    • 256 bits (secp256r1)
    • 384 bits (secp384r1)
    • 521 bits (secp521r1)
Renegotiation: Sets whether to allow (Yes) or disallow (No (Recommended)) renegotiation.
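
The following is an added example, not part of the original guide or any Hitachi tooling: a Python sketch that derives the key exchange from each cipher suite name in the table and checks an external server's recorded key exchange parameters against the RSA, DHE, and ECDHE requirements listed under Minimum Key Length (Key Exchange). The function names and the sample server record are hypothetical and constructed for illustration.

```python
import re

# Cipher suite names copied from the table above.
SUPPORTED = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384
""".split()

ALLOWED_CURVES = {"secp256r1", "secp384r1", "secp521r1"}

def key_exchange(suite):
    """Return 'RSA', 'DHE' or 'ECDHE'; None for TLS1.3 names, which carry no key exchange."""
    m = re.fullmatch(r"TLS_([A-Z]+)(?:_[A-Z]+)?_WITH_\w+", suite)
    return m.group(1) if m else None

def rsa_cert_rule_suites(enabled):
    """Suites whose key exchange uses the RSA public key of the certificate itself."""
    return [s for s in enabled if key_exchange(s) == "RSA"]

def peer_param_ok(kx, value):
    """Check one server-side key exchange parameter against the listed requirement."""
    if kx == "RSA":
        return isinstance(value, int) and value >= 2048  # "2048 bits or more"
    if kx == "DHE":
        return value == 2048                             # the page lists 2048 bits only
    if kx == "ECDHE":
        return value in ALLOWED_CURVES
    raise ValueError(f"unknown key exchange: {kx}")

def audit_peer(enabled, peer):
    """Return one finding per key exchange the enabled suites could negotiate."""
    findings = []
    for kx in sorted({key_exchange(s) for s in enabled} - {None}):
        if kx not in peer:
            findings.append(f"{kx}: no parameter recorded for peer")
        elif not peer_param_ok(kx, peer[kx]):
            findings.append(f"{kx}: {peer[kx]} does not meet the requirement")
    return findings

if __name__ == "__main__":
    # Constructed inventory record for a hypothetical Syslog server.
    peer = {"RSA": 1024, "DHE": 2048, "ECDHE": "secp256k1"}
    print(rsa_cert_rule_suites(SUPPORTED))
    for finding in audit_peer(SUPPORTED, peer):
        print(finding)
```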